VAR-201712-0583
Vulnerability from variot - Updated: 2025-04-20 23:34On Hoermann BiSecur devices before 2018, a vulnerability can be exploited by recording a single radio transmission. An attacker can intercept an arbitrary radio frame exchanged between a BiSecur transmitter and a receiver to obtain the encrypted packet and the 32-bit serial number. The interception of the one-time pairing process is specifically not required. Due to use of AES-128 with an initial static random value and static data vector (all of this static information is the same across different customers' installations), the attacker can easily derive the utilized encryption key and decrypt the intercepted packet. The key can be verified by decrypting the intercepted packet and checking for known plaintext. Subsequently, an attacker can create arbitrary radio frames with the correct encryption key to control BiSecur garage and entrance gate operators and possibly other BiSecur systems as well ("wireless cloning"). To conduct the attack, a low cost Software Defined Radio (SDR) is sufficient. This affects Hoermann Hand Transmitter HS5-868-BS, HSE1-868-BS, and HSE2-868-BS devices. Hoermann BiSecur The device contains a cryptographic vulnerability.Denial of service (DoS) May be in a state. HoermannBiSecurdevices is a security door remote control device from Hoermann, Germany. A security vulnerability exists in previous versions of HoermannBiSecur device 2018
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201712-0583",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "hs5-868-bs",
"scope": "eq",
"trust": 1.6,
"vendor": "hoermann",
"version": null
},
{
"model": "hse1-868-bs",
"scope": "eq",
"trust": 1.6,
"vendor": "hoermann",
"version": null
},
{
"model": "hse2-868-bs",
"scope": "eq",
"trust": 1.6,
"vendor": "hoermann",
"version": null
},
{
"model": "hs5-868-bs",
"scope": null,
"trust": 0.8,
"vendor": "hoermann",
"version": null
},
{
"model": "hse1-868-bs",
"scope": null,
"trust": 0.8,
"vendor": "hoermann",
"version": null
},
{
"model": "hse2-868-bs",
"scope": null,
"trust": 0.8,
"vendor": "hoermann",
"version": null
},
{
"model": "bisecur devices",
"scope": "lt",
"trust": 0.6,
"vendor": "hoermann",
"version": "2018"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-02819"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011843"
},
{
"db": "CNNVD",
"id": "CNNVD-201801-045"
},
{
"db": "NVD",
"id": "CVE-2017-17910"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:hoermann:hs5-868-bs_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:hoermann:hse1-868-bs_firmware",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:hoermann:hse2-868-bs_firmware",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-011843"
}
]
},
"cve": "CVE-2017-17910",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 3.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.5,
"id": "CVE-2017-17910",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 1.8,
"vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "CNVD",
"availabilityImpact": "PARTIAL",
"baseScore": 3.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.5,
"id": "CNVD-2018-02819",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.6,
"vectorString": "AV:A/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 3.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 6.5,
"id": "VHN-108980",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:A/AC:L/AU:N/C:N/I:N/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "ADJACENT",
"author": "nvd@nist.gov",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 2.8,
"id": "CVE-2017-17910",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.8,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2017-17910",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2017-17910",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNVD",
"id": "CNVD-2018-02819",
"trust": 0.6,
"value": "LOW"
},
{
"author": "CNNVD",
"id": "CNNVD-201801-045",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-108980",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-02819"
},
{
"db": "VULHUB",
"id": "VHN-108980"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011843"
},
{
"db": "CNNVD",
"id": "CNNVD-201801-045"
},
{
"db": "NVD",
"id": "CVE-2017-17910"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "On Hoermann BiSecur devices before 2018, a vulnerability can be exploited by recording a single radio transmission. An attacker can intercept an arbitrary radio frame exchanged between a BiSecur transmitter and a receiver to obtain the encrypted packet and the 32-bit serial number. The interception of the one-time pairing process is specifically not required. Due to use of AES-128 with an initial static random value and static data vector (all of this static information is the same across different customers\u0027 installations), the attacker can easily derive the utilized encryption key and decrypt the intercepted packet. The key can be verified by decrypting the intercepted packet and checking for known plaintext. Subsequently, an attacker can create arbitrary radio frames with the correct encryption key to control BiSecur garage and entrance gate operators and possibly other BiSecur systems as well (\"wireless cloning\"). To conduct the attack, a low cost Software Defined Radio (SDR) is sufficient. This affects Hoermann Hand Transmitter HS5-868-BS, HSE1-868-BS, and HSE2-868-BS devices. Hoermann BiSecur The device contains a cryptographic vulnerability.Denial of service (DoS) May be in a state. HoermannBiSecurdevices is a security door remote control device from Hoermann, Germany. A security vulnerability exists in previous versions of HoermannBiSecur device 2018",
"sources": [
{
"db": "NVD",
"id": "CVE-2017-17910"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011843"
},
{
"db": "CNVD",
"id": "CNVD-2018-02819"
},
{
"db": "VULHUB",
"id": "VHN-108980"
}
],
"trust": 2.25
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2017-17910",
"trust": 3.1
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011843",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201801-045",
"trust": 0.7
},
{
"db": "CNVD",
"id": "CNVD-2018-02819",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-108980",
"trust": 0.1
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-02819"
},
{
"db": "VULHUB",
"id": "VHN-108980"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011843"
},
{
"db": "CNNVD",
"id": "CNNVD-201801-045"
},
{
"db": "NVD",
"id": "CVE-2017-17910"
}
]
},
"id": "VAR-201712-0583",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-02819"
},
{
"db": "VULHUB",
"id": "VHN-108980"
}
],
"trust": 1.7
},
"iot_taxonomy": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot_taxonomy#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"category": [
"Network device"
],
"sub_category": null,
"trust": 0.6
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-02819"
}
]
},
"last_update_date": "2025-04-20T23:34:15.163000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "http://www.hoermann.com"
},
{
"title": "Patch for HoermannBiSecur Device Key Acquisition Vulnerability",
"trust": 0.6,
"url": "https://www.cnvd.org.cn/patchInfo/show/115793"
},
{
"title": "Hoermann BiSecur Repair measures for device security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=77407"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-02819"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011843"
},
{
"db": "CNNVD",
"id": "CNNVD-201801-045"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-330",
"trust": 1.1
},
{
"problemtype": "CWE-310",
"trust": 0.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-108980"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011843"
},
{
"db": "NVD",
"id": "CVE-2017-17910"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 3.1,
"url": "https://docs.wixstatic.com/ugd/28ba71_6ecc3158975a484d827e935edda4fa17.pdf"
},
{
"trust": 1.7,
"url": "https://www.trustworks.at/publications"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-17910"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2017-17910"
}
],
"sources": [
{
"db": "CNVD",
"id": "CNVD-2018-02819"
},
{
"db": "VULHUB",
"id": "VHN-108980"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011843"
},
{
"db": "CNNVD",
"id": "CNNVD-201801-045"
},
{
"db": "NVD",
"id": "CVE-2017-17910"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "CNVD",
"id": "CNVD-2018-02819"
},
{
"db": "VULHUB",
"id": "VHN-108980"
},
{
"db": "JVNDB",
"id": "JVNDB-2017-011843"
},
{
"db": "CNNVD",
"id": "CNNVD-201801-045"
},
{
"db": "NVD",
"id": "CVE-2017-17910"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-02-06T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-02819"
},
{
"date": "2017-12-29T00:00:00",
"db": "VULHUB",
"id": "VHN-108980"
},
{
"date": "2018-01-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-011843"
},
{
"date": "2018-01-03T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201801-045"
},
{
"date": "2017-12-29T19:29:00.263000",
"db": "NVD",
"id": "CVE-2017-17910"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2018-02-06T00:00:00",
"db": "CNVD",
"id": "CNVD-2018-02819"
},
{
"date": "2019-10-03T00:00:00",
"db": "VULHUB",
"id": "VHN-108980"
},
{
"date": "2018-01-29T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2017-011843"
},
{
"date": "2019-10-23T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201801-045"
},
{
"date": "2025-04-20T01:37:25.860000",
"db": "NVD",
"id": "CVE-2017-17910"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote or local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201801-045"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Hoermann BiSecur Device cryptographic vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2017-011843"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "security feature problem",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201801-045"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…